Re: SOAP header for authentication etc

Hi,

	Saw your posting. Yes, we need support for security. Building in security
related stuff in the SOAP specification will add interoperability. This is
more important now, because BizTalk is based on SOAP.

	As you know BizTalk is agnostic to Temporal and spatial requirements plus
it is distributed across organizations. So we need security mechanisms as we
do not know where the documents will travel thru and reside, ques, mail
slots, ftp sites et al. I really wouldn't trust an open PO thru the BizTalk
framework as it stand now (agreed it is only a draft)

	I would like to see the following security related features(and an ready to
offer help. We should be able to sit together and figure out common
requirements)

	1.	Authentication (not only between servers and clients but between
applications)
	2.	I am also a fan of Role Based Authorizations and would like to see if we
can extend that concept.
	3.	Support for confidentiality, Integrity and repudiation - Signatures,
certificates, time services et al


	FYI, I come from the B2B world (RosettaNet et al) and so wouldn't mind
seeing these at BizTalk level. What do you think ? What we do not want is
two signatures and two encryptions - one at BizTalk level and another at
SOAP level.

	cheers

Received on Tuesday, 4 July 2000 14:31:04 UTC